Dom Nicastro over at HCPro gives insight into the status of the OCR audit program for 2013.
Top OCR officials have made it clear the audit program will continue next year, says Mac McMillan, FHIMSS, CISM, cofounder and CEO of CynergisTek, Inc., in Austin, Texas. There will be more audits going forward; HITECH requires them, says McMillan.
However, what the audit program will look like after this pilot year is still uncertain. It remains unclear how many audits OCR will conduct in 2013 and when it will expand from the existing covered entities (CE) and begin auditing business associates (BA), McMillan says.
Leon Rodriquez the head of OCR made it clear, in a past interview, that the 2012 HIPAA audits were a pilot program.
OCR recently hired the consulting firm KPMG to launch a HIPAA compliance audit program, with 150 audits anticipated by the end of 2012. Because this is the first time the office is conducting audits, the effort amounts to a pilot, Rodriguez says. As a result, he’ll be reviewing “how an audit program best advances our enforcement goals.
It will be interesting to see what changes OCR makes to their audits based on the information that they gathered during the pilot program.
Rodriguez has also previously said that OCR will offset budget cuts with HIPAA fines that they give out to organizations that are found to be in violation of the HIPAA / HITECH regulations.
OCR funding cuts “will likely be more than offset by income from monetary penalties the office collects from HIPAA violators, which can be used to fund enforcement.”
2013 is shaping up to be very interesting. Organizations need to keep pushing their compliance efforts forward. Protecting patient information should be high on the to-do list
Is your organization prepared for an OCR audit? Take our 5 minute quiz to find out!
Take the Compliance Quiz Now!
Leave a Reply